AAD B2C Custom Policy | Why is there a delay in JWT Token Activation from AAD B2C Custom Policy Flow?

Kiran Zende 85 Reputation points
2024-04-01T07:42:10.88+00:00

Hello Team,

We've implemented an authentication flow in our application using Azure AD B2C custom policy and MSAL.

Following successful authentication, we've encountered an issue where our application fails to load the dashboard promptly. However, introducing a delay of 5 seconds in the code resolves the issue. It appears that there's a delay in JWT activation. Our UI application is developed using MSAL.

Additionally, we have another backend application that consumes the JWT generated by the custom B2C policy through client credentials flow. Here, too, we've noticed that the token isn't immediately active, requiring a delay of 2.5 seconds.

Could you please assist us in understanding if there are any missing configurations in the custom policy or code that might be causing this delay in JWT activation?

Attached is the Technical Profile of JwtIssuer.

  
<ClaimsProvider>
  <DisplayName>Token Issuer</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="JwtIssuer">
      <DisplayName>JWT Issuer</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <OutputTokenFormat>JWT</OutputTokenFormat>
      <Metadata>
        <Item Key="client_id">{service:te}</Item>
        <Item Key="issuer_refresh_token_user_identity_claim_type">objectId</Item>
        <Item Key="SendTokenResponseBodyWithJsonNumbers">true</Item>
        <!-- CDChange : Added below extra metadata keys to increase lifetime of token. -->
        <!-- Token lifetime is set to 8 hours -->
        <Item Key="token_lifetime_secs">28800</Item>
        <Item Key="id_token_lifetime_secs">28800</Item>
        <Item Key="refresh_token_lifetime_secs">86400</Item>
        <Item Key="rolling_refresh_token_lifetime_secs">7776000</Item>
        <Item Key="IssuanceClaimPattern">AuthorityAndTenantGuid</Item>
        <Item Key="AuthenticationContextReferenceClaimPattern">None</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
        <Key Id="issuer_refresh_token_key" StorageReferenceId="B2C_1A_TokenEncryptionKeyContainer" />
      </CryptographicKeys>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-jwt-issuer" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

Let us know if any further information is needed.

Thank you in advance.


Accepted answer
  1. Shweta Mathur 29,746 Reputation points Microsoft Employee
    2024-04-02T07:47:46.74+00:00

    Hi @Kiran Zende ,

    Thanks for reaching out.

    There could be a few reasons for this delay. One possibility is that the token issuance rate per second for your user flow is being exceeded. The token issuance rate of a Custom Policy is dependent on the number of requests consumed by the static and dynamic endpoints. You can calculate the token issuance rate per second for your User Flow using the formula below:

    Tokens/sec = 200/requests-consumed

    Reference - https://learn.microsoft.com/en-us/azure/active-directory-b2c/service-limits?pivots=b2c-user-flow#token-issuance-rate

    Another possibility is that there is a delay in the token being propagated to the various endpoints. This can happen due to network latency or other factors. In this case, introducing a delay in the code can help resolve the issue.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.
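
One way to measure the activation delay described in the question, as an added example that is not code from the poster or from Microsoft: it reads the standard `nbf`, `iat` and `exp` claims (RFC 7519) from a token and compares them with the local clock. The function names, the sample token, its timestamps and the 300-second tolerance are constructed for illustration; the payload is decoded without signature verification, so this is for diagnosis only and not for authorization decisions.

```python
import base64
import json
import time


def decode_claims(token):
    """Return the JWT payload as a dict. Diagnostic only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore the padding that base64url strips
    return json.loads(base64.urlsafe_b64decode(payload))


def activation_report(token, now=None, skew=0):
    """Compare nbf/exp with the local clock, allowing `skew` seconds of tolerance."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    nbf = claims.get("nbf")
    exp = claims.get("exp")
    # Seconds the validator still has to wait before nbf (minus tolerance) is reached.
    wait = 0.0 if nbf is None else max(0.0, nbf - skew - now)
    expired = exp is not None and now - skew >= exp
    return {
        "nbf": nbf, "iat": claims.get("iat"), "exp": exp,
        "seconds_until_active": wait,
        "accepted_now": wait == 0.0 and not expired,
    }


def make_sample_token(claims):
    """Build a constructed token for the demo; the signature part is a placeholder."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'RS256', 'typ': 'JWT'})}.{b64(claims)}.placeholder-signature"


if __name__ == "__main__":
    issued = 1_711_957_330  # constructed issuer timestamp
    # exp uses the 28800 s lifetime from the JwtIssuer metadata in the question.
    token = make_sample_token({"iat": issued, "nbf": issued, "exp": issued + 28800})
    # Validator clock 3 s behind the issuer: the token is not yet active.
    print(activation_report(token, now=issued - 3))
    # Same clock with a 300 s tolerance (hypothetical setting): accepted at once.
    print(activation_report(token, now=issued - 3, skew=300))
```

Running `activation_report` on a freshly issued token from both the MSAL client and the backend shows whether the observed wait corresponds to the gap between `nbf` and the validating host's clock.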

